|
|
|
tapiiri...please help
|
|
|
lynds531
Newbie
|
28. June 2007 @ 21:20 |
Link to this message
|
ive been infected with the trojan.popper virus. i cant get rid of it. ive tried all of the virus software and nothing can remove it.
i saw where you helped fincab get rid of his virus and i could really use your help. ive already downloaded HijackThis. i just need your help with what to do after that. i would really love your help!
thank you so much for your time!
|
|
Advertisement
|
|
|
|
Member
|
2. July 2007 @ 05:00 |
Link to this message
|
Hi Lynds!
Here is istructions :)
Please, download HijackThis v.1.99.1 here.
Once it is downloaded, extract the zip file to c:\hjt and navigate to the c:\hjt folder.
Now double-click on hijackthis.exe and when the window opens,
put a checkmark in the box at the bottom that states Don't show this frame again when I start HijackThis.
Please, clikc now "Do system scan and save a logfile" and copy and paste the contents of the notepad it opens as a reply to this post.
|
|
lynds531
Newbie
|
2. July 2007 @ 15:57 |
Link to this message
|
|
does it matter if im running in safe mode? im having a hard time keeping my computer going without being in safe mode!
|
Member
|
3. July 2007 @ 00:39 |
Link to this message
|
hmm.. HijackThis can't show all files, if you run it in safemode..
But, if you can't in normal mode, do it in safemode. :)
This message has been edited since posting. Last time this message was edited on 3. July 2007 @ 00:40
|
|
lynds531
Newbie
|
5. July 2007 @ 10:16 |
Link to this message
|
i tried in reg mode, but before i could finish the scan i got the "blue death" screen
so here is my hijack log from safe mode:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:15:13 PM, on 7/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\lyndsey\lyndscutigers documents\HiJackThis_v2.0.0.0.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P17 "EPSON PictureMate" /O6 "USB001" /M "PictureMate"
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
--
End of file - 10227 bytes
|
Member
|
5. July 2007 @ 13:40 |
Link to this message
|
Hi!
What firewall do you use?
What antivirus do you use?
__________
You have lot of startup programs.. so let's cut some of them..
At the first, you should make a new folder to C -driver and move HijackThis.exe there.
C:\Hjt\HijackThis.exe
Please run C:\Hjt\HijackThis.exe and choose do a system scan only. Check the boxes next to ONLY the entries listed below:(you don't have to check them all.. check those lines, which you don't need when your computer starts... Check all red lines.)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
Now close all windows other than HijackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis and reboot your computer now.
_____________
Please download Combofix to your desktop.
Doubleclick combo.exe to launch the application.
Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.
_____________
Please, post comobfix.txt and a fresh HijackThis log :)
This message has been edited since posting. Last time this message was edited on 5. July 2007 @ 13:41
|
|
lynds531
Newbie
|
5. July 2007 @ 19:10 |
Link to this message
|
here are the logs from the two processes
Logfile of HijackThis v1.99.1
Scan saved at 11:09:32 PM, on 7/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: SDNotify - C:\Program Files\SpywareDetector\SDNotify.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WMP54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe" "WMP54GSv1_1.exe (file missing)
"lyndsey" - 2007-07-05 23:04:49 - ComboFix 07-07-04.4 - Service Pack 2 [SAFE MODE]
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\temp\iee
C:\temp\iee\tmpZTF.log
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\wr.txt
((((((((((((((((((((((((( Files Created from 2007-06-06 to 2007-07-06 )))))))))))))))))))))))))))))))
2007-07-05 23:04 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-06-28 03:36 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-06-28 03:36 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-06-28 03:36 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-06-26 16:45 <DIR> d-------- C:\HJT
2007-06-26 16:23 <DIR> d--hs---- C:\WINDOWS\CSC
2007-06-25 23:30 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Webroot
2007-06-25 13:01 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-06-25 13:01 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-06-25 13:01 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-06-25 13:01 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-06-25 13:01 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-06-25 13:00 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-06-25 13:00 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-06-25 13:00 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-06-25 13:00 <DIR> d-------- C:\DOCUME~1\lyndsey\APPLIC~1\PC Tools
2007-06-25 12:45 63 --a------ C:\WINDOWS\system\SysSD.dll
2007-06-25 12:36 1,044,480 --a------ C:\WINDOWS\system32\VchReg.dll
2007-06-25 12:36 <DIR> d-------- C:\Program Files\SpywareDetector
2007-06-25 11:42 <DIR> d-------- C:\Program Files\NetZeroInstallers
2007-06-24 20:01 1,898,498 ---hs---- C:\WINDOWS\system32\ijllm.bak2
2007-06-24 04:59 6,409 ---hs---- C:\WINDOWS\system32\ijllm.bak1
2007-06-10 16:54 4,194,304 --a------ C:\DOCUME~1\lyndsey\ntuser.dat
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-30 16:54:20 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-25 18:12:10 -------- d-----w C:\Program Files\RGB
2007-06-25 18:12:00 -------- d-----w C:\Program Files\TorrentStorm(2)
2007-06-25 16:51:44 -------- d-----w C:\Program Files\Winamp
2007-06-13 07:28:42 -------- d-----w C:\Program Files\Trillian
2007-05-17 16:06:05 -------- d-----w C:\Program Files\UltimateBet
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel(2)(2).dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-18 12:46:27 665,600 ----a-w C:\WINDOWS\system32\wininet(2)(2).dll
2007-04-18 12:46:27 616,960 ----a-w C:\WINDOWS\system32\urlmon(2)(2).dll
2007-04-18 12:46:27 474,112 ----a-w C:\WINDOWS\system32\shlwapi(2)(2).dll
2007-04-18 12:46:27 1,498,112 ----a-w C:\WINDOWS\system32\shdocvw(2)(2).dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups(2)(2).dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2(2)(2).dll
2007-04-16 15:52:53 984,576 ----a-w C:\WINDOWS\system32\kernel32(2)(2).dll
2006-04-23 23:04:02 104 --sh--r C:\WINDOWS\system32\5B177034C9.sys
2006-04-23 23:04:02 4,704 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2003-11-03 16:17 54248 --a------ C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
2004-12-06 03:05 118842 --a------ C:\WINDOWS\system32\dla\tfswshx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 23:05]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 18:10]
"MBMon"="CTMBHA.DLL" [2005-05-19 18:54 C:\WINDOWS\system32\CTMBHA.DLL]
"VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" [2005-02-23 13:08]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 18:30]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-07-14 22:16]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-12-25 22:36]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-25 14:54]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-06-28 03:35]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-07-02 20:12]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 19:40 C:\WINDOWS\MIDIDEF.EXE]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 20:23]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 20:39]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDNotify]
C:\Program Files\SpywareDetector\SDNotify.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe
Contents of the 'Scheduled Tasks' folder
2007-06-17 17:36:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-23 00:00:00 C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - lyndsey.job
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-05 23:08:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-05 23:08:23
C:\ComboFix-quarantined-files.txt ... 2007-07-05 23:08
--- E O F ---
|
Member
|
6. July 2007 @ 04:38 |
Link to this message
|
Hi!
Open notepad and copy/paste the text in the quotebox below into it:
Quote:
File::
C:\WINDOWS\system\SysSD.dll
C:\WINDOWS\system32\ijllm.bak2
C:\WINDOWS\system32\ijllm.bak1
Save this as ComboFix-Do.txt
Then drag the ComboFix-Do.txt into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThislog.
___________________
Panda ActiveScan
- Once you are on the Panda site, click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan ([color=#3366FF]Note: It may take a couple of minutes[/color])
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Do NOT lose it!
Please, send the Panda activescan report.
________________
Please, send Panda onlinescanner's results and combofix log. :)
This message has been edited since posting. Last time this message was edited on 6. July 2007 @ 04:39
|
|
lynds531
Newbie
|
6. July 2007 @ 09:14 |
Link to this message
|
here is the combofix report, ill post the other next
"lyndsey" - 2007-07-06 13:08:56 - ComboFix 07-07-04.4 - Service Pack 2 [SAFE MODE]
Command switches used :: C:\Documents and Settings\lyndsey\lyndscutigers documents\lyndscutigers documents\ComboFix-Do.txt
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system\SysSD.dll
C:\WINDOWS\system32\ijllm.bak1
C:\WINDOWS\system32\ijllm.bak2
((((((((((((((((((((((((( Files Created from 2007-06-06 to 2007-07-06 )))))))))))))))))))))))))))))))
2007-07-05 23:04 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-06-28 03:36 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-06-28 03:36 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-06-28 03:36 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-06-26 16:45 <DIR> d-------- C:\HJT
2007-06-26 16:23 <DIR> d--hs---- C:\WINDOWS\CSC
2007-06-25 23:30 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Webroot
2007-06-25 13:01 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-06-25 13:01 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-06-25 13:01 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-06-25 13:01 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-06-25 13:01 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-06-25 13:00 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-06-25 13:00 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-06-25 13:00 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-06-25 13:00 <DIR> d-------- C:\DOCUME~1\lyndsey\APPLIC~1\PC Tools
2007-06-25 12:36 1,044,480 --a------ C:\WINDOWS\system32\VchReg.dll
2007-06-25 12:36 <DIR> d-------- C:\Program Files\SpywareDetector
2007-06-25 11:42 <DIR> d-------- C:\Program Files\NetZeroInstallers
2007-06-10 16:54 4,194,304 --a------ C:\DOCUME~1\lyndsey\ntuser.dat
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-30 16:54:20 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-25 18:12:10 -------- d-----w C:\Program Files\RGB
2007-06-25 18:12:00 -------- d-----w C:\Program Files\TorrentStorm(2)
2007-06-25 16:51:44 -------- d-----w C:\Program Files\Winamp
2007-06-13 07:28:42 -------- d-----w C:\Program Files\Trillian
2007-05-17 16:06:05 -------- d-----w C:\Program Files\UltimateBet
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel(2)(2).dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-18 12:46:27 665,600 ----a-w C:\WINDOWS\system32\wininet(2)(2).dll
2007-04-18 12:46:27 616,960 ----a-w C:\WINDOWS\system32\urlmon(2)(2).dll
2007-04-18 12:46:27 474,112 ----a-w C:\WINDOWS\system32\shlwapi(2)(2).dll
2007-04-18 12:46:27 1,498,112 ----a-w C:\WINDOWS\system32\shdocvw(2)(2).dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups(2)(2).dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2(2)(2).dll
2007-04-16 15:52:53 984,576 ----a-w C:\WINDOWS\system32\kernel32(2)(2).dll
2006-04-23 23:04:02 104 --sh--r C:\WINDOWS\system32\5B177034C9.sys
2006-04-23 23:04:02 4,704 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2003-11-03 16:17 54248 --a------ C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
2004-12-06 03:05 118842 --a------ C:\WINDOWS\system32\dla\tfswshx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 23:05]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 18:10]
"MBMon"="CTMBHA.DLL" [2005-05-19 18:54 C:\WINDOWS\system32\CTMBHA.DLL]
"VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" [2005-02-23 13:08]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 18:30]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-07-14 22:16]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-12-25 22:36]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-25 14:54]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-06-28 03:35]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-07-02 20:12]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 19:40 C:\WINDOWS\MIDIDEF.EXE]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 20:23]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 20:39]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDNotify]
C:\Program Files\SpywareDetector\SDNotify.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe
Contents of the 'Scheduled Tasks' folder
2007-06-17 17:36:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-23 00:00:00 C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - lyndsey.job
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-06 13:11:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-06 13:12:09
C:\ComboFix-quarantined-files.txt ... 2007-07-06 13:12
C:\ComboFix2.txt ... 2007-07-05 23:08
--- E O F ---
|
|
lynds531
Newbie
|
6. July 2007 @ 11:07 |
Link to this message
|
|
here is the panda scan report:
Incident Status Location
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\lyndsey\Application Data\Mozilla\Firefox\Profiles\q0yktxn4.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\lyndsey\Application Data\Mozilla\Firefox\Profiles\q0yktxn4.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\lyndsey\Application Data\Mozilla\Firefox\Profiles\q0yktxn4.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\lyndsey\Application Data\Mozilla\Firefox\Profiles\q0yktxn4.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\lyndsey\Application Data\Mozilla\Firefox\Profiles\q0yktxn4.default\cookies.txt[.2o7.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\lyndsey\Application Data\Mozilla\Firefox\Profiles\q0yktxn4.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\lyndsey\Application Data\Mozilla\Firefox\Profiles\q0yktxn4.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\lyndsey\Application Data\Mozilla\Firefox\Profiles\q0yktxn4.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\lyndsey\Application Data\Mozilla\Firefox\Profiles\q0yktxn4.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\lyndsey\Application Data\Mozilla\Firefox\Profiles\q0yktxn4.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\lyndsey\Application Data\Mozilla\Firefox\Profiles\q0yktxn4.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\lyndsey\Application Data\Mozilla\Firefox\Profiles\q0yktxn4.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\lyndsey\Application Data\Mozilla\Firefox\Profiles\q0yktxn4.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\lyndsey\Application Data\Mozilla\Firefox\Profiles\q0yktxn4.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\lyndsey\Application Data\Mozilla\Firefox\Profiles\q0yktxn4.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\lyndsey\Application Data\Mozilla\Firefox\Profiles\q0yktxn4.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\lyndsey\Application Data\Mozilla\Firefox\Profiles\q0yktxn4.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\lyndsey\Application Data\Mozilla\Firefox\Profiles\q0yktxn4.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\lyndsey\Application Data\Mozilla\Firefox\Profiles\q0yktxn4.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\lyndsey\Cookies\lyndsey@statcounter[2].txt
Virus:Eicar.Mod Not disinfected C:\Program Files\Trend Micro\Internet Security 12\tmhelp.chm[/PCC12/Test_virus.htm]
|
Member
|
6. July 2007 @ 12:36 |
Link to this message
|
Hi!
Do you use these poker softwares:
UltimateBet
C:\Program Files\UltimateBet\
Bodog Poker
C:\Program Files\Bodog Poker\
__________
If you don't, please do these below things:
Please open HijackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below:
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
Now close all windows other than HijackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.
________________
Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs(if present):
UltimateBet
Bodog Poker
________________
Reboot your computer.
________________
Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):
C:\Program Files\UltimateBet\
C:\Program Files\Bodog Poker\
________________
________________
Your computer looks clean.
Do you have problems?
|
|
lynds531
Newbie
|
10. July 2007 @ 18:33 |
Link to this message
|
|
im still getting the "blue death" screen whenever i boot up regularly. any idea what the problem could still be?
|
|
Advertisement
|
|
|
Member
|
11. July 2007 @ 04:20 |
Link to this message
|
|
ööh.. No i don't have any ideas.. When you got first bluescreen? What you did? Did you installed some softwares or something...?
|
|
